This is a graphic example of the difference between high availability and backup. You have HA, but it is NOT a backup!

If you have shadow copies enabled, you may (depending on how long the infection has been in place) be able to restore an older – pre-infected – version. If not, your choices are to pay the Danegeld or to lose your data. Paying may get your data back, but when dealing with criminals, you have no guarantees of anything!

You will be having an “interesting” conversation with management about this, after which you – or possibly your successor – will be asking for money to implement a proper offline backup solution, as well as better security to reduce the risk in future.

You haven’t mentioned if you have removed the infection yet as well as the file/email that some idiot opened to start this ball of fun.

Run Malwarebytes on each infected machine. Better still, read this. If you can post what version of ransomware, it may assist with removal instructions. Kaspersky can even recover the encrypted files of some versions of ransomware.

You can probably remove the ransomware but it’s doubtful you can recover the files. If you don’t have a clean backup of the data and the data is important/business critical then you may have to pay the ransom to get the decryption key.

Check out the resources available from Emsisoft. They have various decryptors available. If you have been hit with an older strain of ransomware they might have a decryptor for it. https://decrypter.emsisoft.com/